Re: [keycloak-user] Password expiry policy not working for federated user
Hi All,
We are using OpenLDAP.
I found out that there is ldap mapper precisely
user-account-control-mapper, by adding this LDAP password policy will be
respected.
on doing this we are getting update password UI, on login. But while
updating the password we are getting below error:
On update the password:
On UI: Could not modify attribute for DN [uid=xxxxxxx,dc=tt,dc=zz,dc=br]
On ldap.log we can see below error coming up:
conn=1159 op=1 do_modify: get_ctrls failed
Please suggest us what are we missing or can correct in our configuration.
Thanks & Regards
Kapil
On Thu, Apr 11, 2019 at 7:32 PM kapil joshi <kapilkumarjoshi001(a)gmail.com>
wrote:
Hi All,
Password expiry policy not working for federated user. We can see that the
password has expired for LDAP user, which was set to 90 days, but user can
still login to UI via keycloak authentication.
Kindly point us what are we missing.
Please note we have enabled the switch to sync password policy with
federated user.
Thanks & regards
Kapil